[Yeti DNS Discuss] 答复: Too many dependencies

Mukund Sivaraman muks at mukund.org
Mon Aug 27 09:34:30 UTC 2018

On Mon, Aug 27, 2018 at 04:32:59PM +0800, Davey Song(宋林健) wrote:
> Can you share some background on this "issue" ?

iDNS was a type of attack presented by a french security person 3-4
years ago. Basically, if a resolver has to resolve a nameserver's
address, that can involve recursively looking up other nameserver
addresses (indirection) infinitely. BIND (see CVE-2014-8500) and other
resolver projects were affected by this, and the fix was to have options
that forced a hard limit on the number of individual fetches a resolver
would perform to service a client query, and also a limit on the levels
of indirection when looking up a nameserver address.


More information about the discuss mailing list